SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR 
CONDUCTING A SECURE TRANSACTION VIA A NETWORK 
Inventors: Wilson Sing-Hei So et al. 
Attorney Docket No.: 36992.00107 (HAL 265) 




Name | Expression | Description
-----|------------|------------
Encryption | E(K,D) | The result of encrypting information "D" with key "K"
Hash | H(D) | The result of hashing information "D"
Concatenation | A || B | Concatenation of "A" and "B"
CA Private Key | Ka | A private key used by a CA to sign certificate
CA Public Key | | A public key corresponding to Ka
Partner Information | Ip | The information pertaining to the partner
Partner Private Key | Kp | A private key owned by the partner
Partner Public Key | KPp | A public key corresponding to Kp
Partner Certificate | C(Ka, KPp || Ip) | X.509 certificate for the partner
Partner Service Private Key | Ksv | A private key owned by the partner service
Partner Service Public Key | KPsv | A public key corresponding to Ksv
Terminal Information | | The information pertaining to the partner
Terminal Private Key | Kt | A private key owned by the terminal
Terminal Public Key | KPt | A public key corresponding to Kt
Terminal Certificate | C(Ka, KPt || It) | X.509 certificate for the terminal
Personal Data | PDk, k=1,2,... | Personal data for eBusiness service transaction
Personal Data Encryption Key | Kdk, k=1,2,... | A symmetric key to encrypt personal data (stored in the TRM of the PIN-SMMC)
Encrypted Personal Data | E(PDk, Kdk), k=1,2,... | Personal data stored in an encrypted format in the flash memory portion of the PIN-SMMC
Personal Data information | | Information related to identifying the appropriate personal data to submit to the partner site
Session Key | Ksk, k=1,2,... | A symmetric key generated in real-time to encrypt a communication session

FIG. 5



702: PERFORMING A FIRST PORTION OF TRANSACTION WITH A FIRST SITE VIA A NETWORK, WHEREIN THE FIRST SITE CONTACTS A SECOND SITE VIA THE NETWORK TO REQUEST THAT THE SECOND SITE PERFORM A SECOND PORTION OF THE TRANSACTION, WHEREIN PERSONAL DATA ABOUT A USER IS REQUIRED TO COMPLETE THE SECOND PORTION OF THE TRANSACTION

704: RECEIVING A CERTIFICATE FROM THE SECOND SITE VIA THE NETWORK

706: AUTHENTICATING THE CERTIFICATE OF THE SECOND SITE

708: CONTACTING THE SECOND SITE VIA THE NETWORK IF THE CERTIFICATE IS AUTHENTICATED

710: RECEIVING FROM THE SECOND SITE A REQUEST FOR THE PERSONAL DATA VIA THE NETWORK

712: REQUESTING THE PERSONAL DATA FROM A SECURE DEVICE, WHEREIN THE SECURE DEVICE CONTAINS AN ENCRYPTED VERSION OF THE PERSONAL DATA AND A FIRST KEY FOR DECRYPTING THE ENCRYPTED PERSONAL DATA

714: RECEIVING THE ENCRYPTED PERSONAL DATA AND THE FIRST KEY FROM THE SECURE DEVICE

716: DECRYPTING THE ENCRYPTED PERSONAL DATA USING THE FIRST KEY

718: RE-ENCRYPTING THE PERSONAL DATA USING A SECOND KEY ASSOCIATED WITH THE SECOND SITE

720: TRANSMITTING THE RE-ENCRYPTED PERSONAL DATA TO THE SECOND SITE VIA THE NETWORK, WHEREIN THE SECOND SITE DECRYPTS THE RE-ENCRYPTED PERSONAL DATA WITH THE SECOND KEY AND USES THE PERSONAL DATA TO COMPLETE THE SECOND PORTION OF THE TRANSACTION



FIG. 7 
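
The terminal-side part of the FIG. 7 flow (fetch the encrypted personal data and first key from the secure device, decrypt, re-encrypt under the second key, hand the result to the second site), as an added example that is not taken from the patent. `seal`/`open_sealed` are a standard-library stand-in for E(K,D), not a cipher the patent specifies; certificate authentication is reduced to a boolean input, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in for E(K, D): nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); rejects a wrong key or a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class SecureDevice:
    """Constructed model of the secure device: stores E(PDk, Kdk) and Kdk."""
    def __init__(self, personal_data: bytes):
        self._kd = os.urandom(32)                      # first key (Kdk)
        self._stored = seal(self._kd, personal_data)   # encrypted personal data

    def release(self):
        return self._stored, self._kd

def terminal_forward(device: SecureDevice, second_key: bytes,
                     cert_authenticated: bool) -> bytes:
    """Terminal side: fetch, decrypt with the first key, re-encrypt with the second."""
    if not cert_authenticated:                 # outcome of the certificate check
        raise PermissionError("second site certificate not authenticated")
    encrypted_pd, first_key = device.release()
    personal_data = open_sealed(first_key, encrypted_pd)
    return seal(second_key, personal_data)     # only this leaves the terminal

def second_site_receive(second_key: bytes, blob: bytes) -> bytes:
    """Second site: decrypt the re-encrypted personal data with the second key."""
    return open_sealed(second_key, blob)
```

In this flow both the first key and the plaintext personal data pass through the terminal, so the terminal sits inside the trust boundary; the storage key never protects anything sent over the network.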



- RECEIVING, VIA A NETWORK, A REQUEST FROM A SITE TO PERFORM A PORTION OF A TRANSACTION WITH A TERMINAL COUPLED TO THE NETWORK, WHEREIN AN INITIAL PORTION OF THE TRANSACTION IS PERFORMED BETWEEN THE SITE AND THE TERMINAL VIA THE NETWORK, WHEREIN PERSONAL DATA ABOUT A SUBJECT/USER OF THE TERMINAL IS REQUIRED TO COMPLETE THE REQUESTED PORTION OF THE TRANSACTION

- TRANSMITTING A CERTIFICATE TO THE TERMINAL VIA THE NETWORK, WHEREIN THE TERMINAL AUTHENTICATES THE CERTIFICATE AND TRANSMITS VIA THE NETWORK AN INDICATION THAT INDICATES THAT THE CERTIFICATE HAS BEEN AUTHENTICATED

- TRANSMITTING TO THE TERMINAL VIA THE NETWORK A REQUEST FOR THE PERSONAL DATA, WHEREIN A SECURE DEVICE IS COUPLED TO THE TERMINAL, WHEREIN THE SECURE DEVICE CONTAINS AN ENCRYPTED VERSION OF THE PERSONAL DATA AND A FIRST KEY FOR DECRYPTING THE ENCRYPTED PERSONAL DATA, WHEREIN THE SECOND DEVICE PROVIDES THE TERMINAL WITH THE ENCRYPTED PERSONAL DATA AND THE FIRST KEY AND THE TERMINAL USES THE FIRST KEY TO DECRYPT THE ENCRYPTED PERSONAL DATA

- PROVIDING THE TERMINAL WITH A SECOND KEY VIA THE NETWORK, WHEREIN THE TERMINAL RE-ENCRYPTS THE PERSONAL DATA WITH THE SECOND KEY

- RECEIVING THE RE-ENCRYPTED PERSONAL DATA FROM THE TERMINAL VIA THE NETWORK

- DECRYPTING THE RE-ENCRYPTED PERSONAL DATA WITH THE SECOND KEY

- COMPLETING THE REQUESTED PORTION OF THE TRANSACTION USING THE PERSONAL DATA



FIG. 8 



FIG. 9 







